From aa5717324da7fb9e79536757479aa7920a4652c5 Mon Sep 17 00:00:00 2001 From: Teddy Roncin Date: Wed, 15 May 2024 14:25:53 +0200 Subject: [PATCH] changes --- web/.env.dist | 1 + web/src/apiRouter.ts | 9 ++++- web/src/webRouter.ts | 92 ++++++++++++++++++++++---------------------- 3 files changed, 55 insertions(+), 47 deletions(-) diff --git a/web/.env.dist b/web/.env.dist index fb1ab7e..49ebf1c 100644 --- a/web/.env.dist +++ b/web/.env.dist @@ -9,3 +9,4 @@ SESAME_LENGTH=4 SENTRY_DSN= TIME_BEFORE_CHEST_DEATH=3600 TOTAL_JOYCONS=4 +API_KEY=test diff --git a/web/src/apiRouter.ts b/web/src/apiRouter.ts index d65bb67..7b8a064 100644 --- a/web/src/apiRouter.ts +++ b/web/src/apiRouter.ts @@ -5,6 +5,13 @@ import {generateCode, setLastTimeChestWasAlive} from "./utils"; const apiRouter = Router(); +apiRouter.use((request: Request, response: Response, next) => { + if (!request.headers['Authorisation'] || request.headers['Authorisation'] !== `Bearer ${process.env.API_KEY}`) { + return response.status(403).send("Invalid API Key"); + } + return next(); +}); + apiRouter.post("/sesame", async (request: Request, response: Response) => { const sesame: string | undefined = request.body.code; if (!sesame) return response.status(400).send("Missing code"); @@ -50,7 +57,7 @@ apiRouter.post("/sesame", async (request: Request, response: Response) => { return response.status(200).send("Sésame ouvre toi"); }); -apiRouter.get("/imstillalive", async (request: Request, response: Response) => { +apiRouter.get("/ping", async (request: Request, response: Response) => { setLastTimeChestWasAlive(Date.now()); return response.status(200).send("Good news ! (Me too)"); }); diff --git a/web/src/webRouter.ts b/web/src/webRouter.ts index de5e996..b06cd6f 100644 --- a/web/src/webRouter.ts +++ b/web/src/webRouter.ts 
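Review bot: The new guard in apiRouter.use reads `request.headers['Authorisation']`, but Node exposes incoming header names in lowercase (and the standard header is spelled `Authorization`), so that lookup is always undefined and every request to this router is answered with 403 — including the renamed `/ping` heartbeat in the second hunk. Read it as `request.headers.authorization` and compare against the configured key. The check should also fail closed when `API_KEY` is unset, since the expected value otherwise degrades to the literal `Bearer undefined`: `const expected = process.env.API_KEY;` followed by `if (!expected || request.headers.authorization !== \`Bearer ${expected}\`) {`. A 401 status is the conventional reply for a missing or invalid credential, and `crypto.timingSafeEqual` on equal-length buffers is available if comparison timing matters here; the `API_KEY=test` placeholder added in the .env.dist hunk should not be deployable as-is.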
@@ -91,58 +91,58 @@ webRouter.get("/code", async (request: Request, response: Response) => { }); webRouter.get("/login", async (request: Request, response: Response) => { - if (request.query["ticket"]) { - const res = await fetch( - `https://cas.utt.fr/cas/serviceValidate?service=${encodeURI( - process.env.CAS_SERVICE - )}&ticket=${request.query["ticket"]}` - ); - const resData: { - ["cas:serviceResponse"]: - | { - ["cas:authenticationSuccess"]: { - ["cas:attributes"]: { - "cas:uid": string; - "cas:mail": string; - "cas:sn": string; - "cas:givenName": string; - }; - }; - } - | { "cas:authenticationFailure": unknown }; - } = new XMLParser().parse(await res.text()); - if ("cas:authenticationFailure" in resData["cas:serviceResponse"]) { - return response.redirect("/login"); + if (!request.query["ticket"]) { + return response.sendFile(path.join(__dirname, "../www/login.html")); + } + const res = await fetch( + `https://cas.utt.fr/cas/serviceValidate?service=${encodeURI( + process.env.CAS_SERVICE + )}&ticket=${request.query["ticket"]}` + ); + const resData: { + ["cas:serviceResponse"]: + | { + ["cas:authenticationSuccess"]: { + ["cas:attributes"]: { + "cas:uid": string; + "cas:mail": string; + "cas:sn": string; + "cas:givenName": string; + }; + }; } - const userData = { - login: - resData["cas:serviceResponse"]["cas:authenticationSuccess"][ - "cas:attributes" - ]["cas:uid"], - mail: resData["cas:serviceResponse"]["cas:authenticationSuccess"][ + | { "cas:authenticationFailure": unknown }; + } = new XMLParser().parse(await res.text()); + if ("cas:authenticationFailure" in resData["cas:serviceResponse"]) { + return response.redirect('/login'); + } + const userData = { + login: + resData["cas:serviceResponse"]["cas:authenticationSuccess"][ "cas:attributes" + ]["cas:uid"], + mail: resData["cas:serviceResponse"]["cas:authenticationSuccess"][ + "cas:attributes" ]["cas:mail"], - lastName: - resData["cas:serviceResponse"]["cas:authenticationSuccess"][ - "cas:attributes" + 
lastName: + resData["cas:serviceResponse"]["cas:authenticationSuccess"][ + "cas:attributes" ]["cas:sn"], - firstName: - resData["cas:serviceResponse"]["cas:authenticationSuccess"][ - "cas:attributes" + firstName: + resData["cas:serviceResponse"]["cas:authenticationSuccess"][ + "cas:attributes" ]["cas:givenName"], - }; - let user = await prisma.user.findUnique({ - where: { login: userData.login }, - }); - if (!user) { - await prisma.user.create({ data: userData }); - } - const token = jwt.sign({ login: userData.login }, process.env.JWT_SECRET, { - expiresIn: process.env.JWT_EXPIRES_IN, - }); - return response.cookie("token", token).redirect("/"); + }; + let user = await prisma.user.findUnique({ + where: { login: userData.login }, + }); + if (!user) { + await prisma.user.create({ data: userData }); } - return response.sendFile(path.join(__dirname, "../www/login.html")); + const token = jwt.sign({ login: userData.login }, process.env.JWT_SECRET, { + expiresIn: process.env.JWT_EXPIRES_IN, + }); + return response.cookie("token", token).redirect("/"); }); webRouter.get("/login/cas", async (request: Request, response: Response) => {
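Review bot: In the restructured /login handler the ticket is still interpolated into the serviceValidate URL as `${request.query["ticket"]}` after only a truthiness check, so an array value (`?ticket=a&ticket=b`) or a value containing `&` alters the query sent to CAS; narrow it with `typeof request.query["ticket"] !== "string"` before use and pass it through `encodeURIComponent` in the template. The session cookie is set with `response.cookie("token", token)` and no attributes, so it is readable from page scripts and also sent over plain HTTP; `response.cookie("token", token, { httpOnly: true, secure: true, sameSite: "lax" })` restricts that. The success path indexes `resData["cas:serviceResponse"]["cas:authenticationSuccess"]` without checking that the key exists, so an unexpected XML body throws inside an async handler with no try/catch. The `response.redirect('/login')` line switches to single quotes while the rest of the file uses double quotes.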